- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 6.2.2 is out
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgraded my lab 60E and noticed either a deliberate change in behaviour or a bug but i couldn't find it in the notes.
when dhcp dns settings are at default (same as system dns) and the WAN/internet connection retrieves dns servers from dhcp, the previous behaviour was for the dhcp aquired dns servers to be used in internal dhcp scopes. Now it uses the configured system dns (fortiguard by default), which could be fatal for users if you have restricted dns traffic in your policies
I haven't tested this on any other boxes to confirm so i could be mistaken but be aware
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another bug. In IPS, the severity column is blank! You can't filter on severity as a result.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bascheew wrote:I can confirm I'm seeing the same thing. No severity or targets are populated in the GUI for IPS signatures so you can't filter on them.Another bug. In IPS, the severity column is blank! You can't filter on severity as a result.
*edit* Yup it's a known bug, scheduled to be fixed in 6.2.3.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thuynh wrote:Hi bascheew, we could not reproduce the issue in our lab. Can you provide more details on your config (FGT model, FAP model, how's the FAP profile is setup, etc). Does it happen to new FAP profile? Your gif also doesnt work.
The Fortigate is 500e, APs are 421E. I cloned the profile and the same thing happened on the cloned profile. Let's see if this GIF works:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Richard, this is just a display issue. You should still be able to configure IPS profile and the feature still works as before.
- « Previous
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think perhaps you need to update your Kb article
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38704
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AlexFeren wrote:Wildcard FQDNs dont make sense in a firewall policy which is layer 3 / layer 4 based. They cant add it without confusing people and wondering why things dont work as expected.sigmasoftcz wrote:After being removed in 5.4?
Finally add support for wildcard FQDN addresses in firewall policy!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
boneyard wrote:but they did in 6.2.2 and it does seem to work better then expected.AlexFeren wrote:Wildcard FQDNs dont make sense in a firewall policy which is layer 3 / layer 4 based. They cant add it without confusing people and wondering why things dont work as expected.sigmasoftcz wrote:After being removed in 5.4?
Finally add support for wildcard FQDN addresses in firewall policy!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bascheew wrote:I think I found a bug.
On AP Profiles, if SSIDs are manually assigned and you choose to view the profile, the SSID fields will be blank and if you press OK then you save the profile with no SSIDs. If you're not paying attention you'll easily miss that you just removed any SSIDs!
See attached gif for how to reproduce:
Hi bascheew, we could not reproduce the issue in our lab. Can you provide more details on your config (FGT model, FAP model, how's the FAP profile is setup, etc). Does it happen to new FAP profile? Your gif also doesnt work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
simonorch wrote:Upgraded my lab 60E and noticed either a deliberate change in behaviour or a bug but i couldn't find it in the notes.
when dhcp dns settings are at default (same as system dns) and the WAN/internet connection retrieves dns servers from dhcp, the previous behaviour was for the dhcp aquired dns servers to be used in internal dhcp scopes. Now it uses the configured system dns (fortiguard by default), which could be fatal for users if you have restricted dns traffic in your policies
I haven't tested this on any other boxes to confirm so i could be mistaken but be aware
Hi simonorch, thank you for reporting the behaviour. This is actually a regression bug (internal reference M0589234) where incorrect DNS server is offered in management VDOM per your observation. This will be fixed in the next release.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure if it's a widespread bug or just happening to us, but we're getting SSLVPN -455 errors since we upgraded last night, but only on FortiToken users.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thuynh wrote:Hi bascheew, we could not reproduce the issue in our lab. Can you provide more details on your config (FGT model, FAP model, how's the FAP profile is setup, etc). Does it happen to new FAP profile? Your gif also doesnt work.
The Fortigate is 500e, APs are 421E. I cloned the profile and the same thing happened on the cloned profile. Let's see if this GIF works:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks bascheew, so the issue is only with SSID groups (SSID is not impacted). This is a known issue and will be fixed in the next release.
- « Previous
- Next »